[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso
carnil at debian.org
Wed Feb 26 20:23:47 GMT 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
ab0ccb6c by Salvatore Bonaccorso at 2020-02-26T21:23:34+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -60175,7 +60175,7 @@ CVE-2019-6746 (This vulnerability allows remote attackers to disclose sensitive
CVE-2019-6745
REJECTED
CVE-2019-6744 (This vulnerability allows local attackers to disclose sensitive inform ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2019-6743 (This vulnerability allows remote attackers to execute arbitrary code o ...)
NOT-FOR-US: Xiaomi Mi6 Browser
CVE-2019-6742 (This vulnerability allows remote attackers to execute arbitrary code o ...)
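Review bot: The new tag on CVE-2019-6744, `NOT-FOR-US: Samsung`, gives only the vendor, while the entry directly below it (CVE-2019-6743) is tagged with the product, `NOT-FOR-US: Xiaomi Mi6 Browser`. Consider naming the affected Samsung product from the full CVE description, so the entry can later be matched by product without reopening the CVE.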
@@ -64181,7 +64181,7 @@ CVE-2019-5167
CVE-2019-5166
RESERVED
CVE-2019-5165 (An exploitable authentication bypass vulnerability exists in the hostn ...)
- TODO: check
+ NOT-FOR-US: Moxa
CVE-2019-5164 (An exploitable code execution vulnerability exists in the ss-manager b ...)
- shadowsocks-libev 3.3.3+ds-2
NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2019-0958
@@ -64193,7 +64193,7 @@ CVE-2019-5163 (An exploitable denial-of-service vulnerability exists in the UDPR
NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2019-0956
NOTE: https://github.com/shadowsocks/shadowsocks-libev/issues/2536
CVE-2019-5162 (An exploitable improper access control vulnerability exists in the iw_ ...)
- TODO: check
+ NOT-FOR-US: Moxa
CVE-2019-5161
RESERVED
CVE-2019-5160
@@ -64211,7 +64211,7 @@ CVE-2019-5155
CVE-2019-5154 (An exploitable heap overflow vulnerability exists in the JPEG2000 pars ...)
NOT-FOR-US: LEADTOOLS
CVE-2019-5153 (An exploitable remote code execution vulnerability exists in the iw_we ...)
- TODO: check
+ NOT-FOR-US: Moxa
CVE-2019-5152 (An exploitable information disclosure vulnerability exists in the netw ...)
- shadowsocks-libev <unfixed> (unimportant)
NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2019-0942
@@ -64226,7 +64226,7 @@ CVE-2019-5150 (An exploitable SQL injection vulnerability exist in YouPHPTube 7.
CVE-2019-5149
RESERVED
CVE-2019-5148 (An exploitable denial-of-service vulnerability exists in ServiceAgent ...)
- TODO: check
+ NOT-FOR-US: Moxa
CVE-2019-5147 (An exploitable out-of-bounds read vulnerability exists in AMD ATIDXX64 ...)
NOT-FOR-US: AMD ATIDXX64.DLL driver
CVE-2019-5146 (An exploitable out-of-bounds read vulnerability exists in AMD ATIDXX64 ...)
@@ -64236,21 +64236,21 @@ CVE-2019-5145 (An exploitable use-after-free vulnerability exists in the JavaScr
CVE-2019-5144 (An exploitable heap underflow vulnerability exists in the derive_taps_ ...)
NOT-FOR-US: Kakadu Software SDK
CVE-2019-5143 (An exploitable format string vulnerability exists in the iw_console co ...)
- TODO: check
+ NOT-FOR-US: Moxa
CVE-2019-5142 (An exploitable command injection vulnerability exists in the hostname ...)
- TODO: check
+ NOT-FOR-US: Moxa
CVE-2019-5141 (An exploitable command injection vulnerability exists in the iw_webs f ...)
- TODO: check
+ NOT-FOR-US: Moxa
CVE-2019-5140 (An exploitable command injection vulnerability exists in the iwwebs fu ...)
- TODO: check
+ NOT-FOR-US: Moxa
CVE-2019-5139 (An exploitable use of hard-coded credentials vulnerability exists in m ...)
- TODO: check
+ NOT-FOR-US: Moxa
CVE-2019-5138 (An exploitable command injection vulnerability exists in encrypted dia ...)
- TODO: check
+ NOT-FOR-US: Moxa
CVE-2019-5137 (The usage of hard-coded cryptographic keys within the ServiceAgent bin ...)
- TODO: check
+ NOT-FOR-US: Moxa
CVE-2019-5136 (An exploitable privilege escalation vulnerability exists in the iw_con ...)
- TODO: check
+ NOT-FOR-US: Moxa
CVE-2019-5135
RESERVED
CVE-2019-5134
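Review bot: The eight entries from CVE-2019-5143 down to CVE-2019-5136 all get the bare vendor tag `NOT-FOR-US: Moxa`, although the visible descriptions refer to several different components (iw_console, iw_webs, ServiceAgent). The neighbouring tag `NOT-FOR-US: Kakadu Software SDK` names the product. Adding the Moxa product or model here would record what was actually triaged, and the same applies to the other Moxa entries in this commit.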
@@ -66651,9 +66651,9 @@ CVE-2019-4002
CVE-2019-4001
RESERVED
CVE-2019-4000 (Improper neutralization of directives in dynamically evaluated code in ...)
- TODO: check
+ NOT-FOR-US: Druva inSync Mac OS Client
CVE-2019-3999 (Improper neutralization of special elements used in an OS command in D ...)
- TODO: check
+ NOT-FOR-US: Druva inSync Windows Client
CVE-2019-3998 (Authentication bypass using an alternate path or channel in SimpliSafe ...)
NOT-FOR-US: SimpliSafe SS3 firmware
CVE-2019-3997 (Authentication bypass using an alternate path or channel in SimpliSafe ...)
@@ -67625,7 +67625,7 @@ CVE-2019-3672
CVE-2019-3671
RESERVED
CVE-2019-3670 (Remote Code Execution vulnerability in the web interface in McAfee Web ...)
- TODO: check
+ NOT-FOR-US: McAfee
CVE-2019-3669
RESERVED
CVE-2019-3668
@@ -91437,7 +91437,7 @@ CVE-2018-14707 (Directory traversal in the Drobo Pix web application on Drobo 5N
CVE-2018-14706 (System command injection in the /DroboPix/api/drobopix/demo endpoint o ...)
NOT-FOR-US: Drobo 5N2 NAS
CVE-2018-14705 (In Drobo 5N2 4.0.5, all optional applications lack any form of authent ...)
- TODO: check
+ NOT-FOR-US: Drobo 5N2
CVE-2018-14704 (Cross-site scripting in the MySQL API error page in Drobo 5N2 NAS vers ...)
NOT-FOR-US: Drobo 5N2 NAS
CVE-2018-14703 (Incorrect access control in the /mysql/api/droboapp/data endpoint in D ...)
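Review bot: CVE-2018-14705 is tagged `NOT-FOR-US: Drobo 5N2`, but the entries on either side of it for the same device (CVE-2018-14706 and CVE-2018-14704) use `NOT-FOR-US: Drobo 5N2 NAS`. Use the same string here so that a search for the existing tag finds every entry for that device.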
@@ -95094,7 +95094,7 @@ CVE-2018-13315 (Incorrect access control in formPasswordSetup in TOTOLINK A3002R
CVE-2018-13314 (System command injection in formAliasIp in TOTOLINK A3002RU version 1. ...)
NOT-FOR-US: TOTOLINK
CVE-2018-13313 (In TOTOLINK A3002RU 1.0.8, the router provides a page that allows the ...)
- TODO: check
+ NOT-FOR-US: TOTOLINK
CVE-2018-13312 (Cross-site scripting in notice_gen.htm in TOTOLINK A3002RU version 1.0 ...)
NOT-FOR-US: TOTOLINK
CVE-2018-13311 (System command injection in formDlna in TOTOLINK A3002RU version 1.0.8 ...)
@@ -254592,7 +254592,7 @@ CVE-2014-4023 (Cross-site scripting (XSS) vulnerability in tmui/dashboard/echo.j
CVE-2014-4022 (The alloc_domain_struct function in arch/arm/domain.c in Xen 4.4.x, wh ...)
- xen <not-affected> (Only 32- and 64-bit ARM systems from Xen 4.4 onwards)
CVE-2014-4019 (ZTE ZXV10 W300 router with firmware W300V1.0.0a_ZRD_LK stores sensitiv ...)
- TODO: check
+ NOT-FOR-US: ZTE
CVE-2014-4018 (The ZTE ZXV10 W300 router with firmware W300V1.0.0a_ZRD_LK has a defau ...)
NOT-FOR-US: ZTE router
CVE-2010-5301 (Stack-based buffer overflow in Kolibri 2.0 allows remote attackers to ...)
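Review bot: CVE-2014-4019 is tagged `NOT-FOR-US: ZTE`, while CVE-2014-4018 directly below it, which describes the same ZTE ZXV10 W300 router and firmware, is tagged `NOT-FOR-US: ZTE router`. Suggest `NOT-FOR-US: ZTE router` for both so the two entries stay consistent.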
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ab0ccb6cadf7c18845c03e841df47d6ec921ab83